Practice Free FCP_WCS_AD-7.4 Exam Online Questions
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
- A . The firewall in the Windows VM is blocking the traffic.
- B . The default AWS Network Access Control List (NACL) does not allow this traffic.
- C . By default, AWS does not allow ICMP traffic between subnets.
- D . Add an inbound allow ICMP rule in the security group attached to the Windows server.
An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.
The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.
Which action would allow the EIP assignment to be successful?
- A . Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
- B . Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
- C . Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
- D . Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
What is a drawback of deploying a FortiWeb VM inside a virtual private cloud (VPC) compared to FortiWeb Cloud?
- A . It is unable to support web applications from OWASP Top 10 threats.
- B . It does not support zero-day protection.
- C . It is slower than FortiWeb Cloud to apply advanced WAF protection.
- D . Only applications going through the VPC are protected.
An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone 1.
Which ENI property must the administrator consider when implementing this requirement?
- A . An ENI cannot attach to an instance in availability zone 2.
- B . After the ENI detaches from one instance, it can reattach only to the same instance.
- C . You can detach the primary ENI from an AWS instance.
- D . When you move an ENI, network traffic remains directed to the old instance until you terminate that instance.
AWS native network services offer vast functionality and inter-connectivity between the cloud and on-premises networks.
Which three additional functions can FortiGate for AWS offer to complement the native services offered by AWS? (Choose three.)
- A . Higher VPN throughput
- B . Web filtering
- C . OSPF over IPsec
- D . Advanced dynamic routing
- E . Secure SD-WAN with application visibility
Which two statements about the FortiCloud portal are true? (Choose two.)
- A . You can gain remote access to your FortiGate VM directly from the portal.
- B . To assign permissions in the identity and access management (IAM) portal, you must write a JSON script.
- C . You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.
- D . You can access only cloud services that you have subscribed to on AWS marketplace.
Refer to the exhibit.
What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)
- A . The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.
- B . The secondary IP address of Port2 of FGT-1 is moved to Port2 of FGT-2.
- C . The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT-2.
- D . An additional route is added to the route table of the HA Sync AZ2 subnet to forward all traffic to the Internet GW.
A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.
Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)
- A . Inbound and outbound traffic will go to multiple devices, which will perform load balancing.
- B . Inbound and outbound traffic will go to the same device, which will perform stateful processing.
- C . The content of the original traffic exchanged between the GWLB and FortiGate will be preserved.
- D . The original traffic exchanged between the GWLB and FortiGate will be hashed for data integrity.
Refer to the exhibit.
An administrator configured a FortiGate device to connect to the AWS API to retrieve resource values from the AWS console to create dynamic objects for the FortiGate policies. The administrator is unable to retrieve AWS dynamic objects on FortiGate.
Which two reasons can explain why? (Choose two.)
- A . The AWS API call is not supported on XML version 1.0.
- B . AWS was not able to validate credentials provided by the AWS Lab SDN connector because of a clock skew between FortiGate and AWS.
- C . The AWS Lab SDN connector is configured with an invalid AWS access or secret key.
- D . The AWS Lab SDN connector failed to connect on port 401.
- E . The AWS Lab SDN did not find any instances in the configured VPC.
You need to deploy a new Windows server in AWS to offload web traffic from an existing web server in a different availability zone.
According to the AWS shared responsibility model, what three actions must you take to secure the new EC2 instance? (Choose three.)
- A . Update software on the instance.
- B . Change the existing elastic load balancer (ELB) to a gateway load balancer.
- C . Configure security groups.
- D . Manage the operating system on the instance.
- E . Move all web servers into the same availability zone.